Hi Nicolas, As you already know, all authentication methods implemented in NiFi require a secure connection. Each implementation class uses HttpServletRequest.isSecure method to determine if authentication is necessary.
For example, JWTAuthenticationFilter: https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java#L42 NiFi uses Jetty inside, and Jetty has ForwardedRequestCustomizer which uses X-Forwarded-* headers to customize requests so that NiFi sees HTTP requests forwarded by a reverse-proxy server as HTTPS. But NiFi doesn't use that currently. So, I believe enabling auth in HTTP is not supported now. There have been similar requests and existing JIRA NIFI-6152 (that is specific for OIDC though). https://issues.apache.org/jira/browse/NIFI-6152 Which authentication method are you planning to use? Thanks, Koji On Fri, Jul 5, 2019 at 5:43 PM Nicolas Delsaux <[email protected]> wrote: > > Hi > > I'm trying to deploy Nifi in Kubernetes with authentcation. > > In Kubernetes, it is possible (and recommended in my organization) to > have SSL managed by cluster at edge route level. Which means request > seen by Nifi are http ones. > > According to nifi documentation, it seems to imply no authentication is > possible in this case. > > However, in our context, the X-Forwarded-Proto header is set (see > https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Common_non-standard_request_fields), > which could be used to enable authentication in HTTP. > > So is it possible to do that ? And if so, how ? >
